Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,128 Topics
- 3,583 Replies
Hi, please could someone let me know which specific ports to allow outbound to the following URLs as part of the SecureAnywhere Endpoint Protection setup:
[b]Communicating Through a Firewall[/b]
If a firewall is in place, please allow Webroot’s path masks through the firewall, as described in the following table.
PATH | INFORMATION
*.prevxinfo.com | --
*.prevx.com | --
*.amazonaws.com | --
*.cloudfront.net | --
*.webrootcloudav.com | Covers the g-url’s as well as several other target addresses.
*.*.webrootcloudav.com | Some devices don’t like a single * for urls that contain dots in the value of *.
*.p4.webrootcloudav.com | For devices that don't like multiple *’s.
*.compute.amazonaws.com | Covers inbound communication from the Amazon cloud servers.
*.webroot.com | To be used for future communications
*.webrootanywhere.com | To be used for future communications
Thanks
It would be a lot easier if I could add people to custom groups and just assign groups. There are people that need only access to one site. I have many techs that I would like to include in a group to give full access to all sites. There are many sales and account people I would like to give read-only access to everything. If I could use groups at the site level to include all users in the group, it would make life a lot easier to manage when adding additional customers instead of having to manually select everyone's individual permissions.
In the Webroot console, how do we permanently delete a quarantined threat? I see in the front-end user GUI the option to permanently delete from quarantine, but the user receives an error message that settings are centrally managed. Also, will the "Needs Attention" then clear? On a similar note, if we create an override for a found threat, should the "Needs Attention" clear, or about how long should it take before that status clears? Thanks so much for any input!
Hi, I am trying to install a new version of Webroot onto machines that have previously had an installation of Webroot on them. When I install the new version, the old licence key is being used and the PC is reporting into our old MSP's console. I've tried to use the installer with the licence key already and the MSI and manually enter the licence key; however, this doesn't seem to work. Any ideas? Thanks Steve
I am trying to use simulations posted here - https://community.webroot.com/unity-api-forum-49/getting-started-with-the-webroot-unity-api-and-postman-274427 to set up Postman to communicate with the Unity API. I am logged in as Admin in the GSM console. However, following the instructions in the Simulation or the GSM Admin Guide documentation, I don't see the [b]API Access[/b] tab. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/9f3e8b9d-8934-4fd7-8044-e990e5f7d255.png[/img] Based on the tabs, I think I am in the Business Console. Could you please let me know if the API Access is available in the Business Console, or should I convert to the Managed Service Provider Console (which if I do, then I can't go back to the Business console)?
Webroot Endpoint Protection 188.8.131.52 Citrix Receiver 3.4 Enterprise connecting to a XenApp 6.5 farm Recently we've had a rash of complaints of users whose printers stop working in our XenApp 6.5 environment. We find that the printers are showing offline on the Citrix servers when this happens. In order to stop this, we either have to disable 'Scan files when written or modified' as per CTX218745, or totally remove Webroot from the workstation (whether Windows 7 or 10). Obviously both of these are big security concerns! One of our customers' onsite technicians says he called Webroot on this and was supposedly told that this was a known issue and would be resolved in a future release. Is this actually the case? If so, when will it be resolved?
We have a Windows 7 laptop, where we have installed Webroot SecureAnywhere. Recently, the laptop was assigned to a new hire. The laptop was reformatted, installed again with Windows 7 and configured with a new PC name. Webroot was also reinstalled. Now, on the console, the endpoint appears with the new name. However, the old endpoint name is also listed. What is the best practice for removing the old name from the console? Deactivating? Uninstall the agent via Agent Commands > Agent > Uninstall? We want to make sure the endpoint with the new name is not affected, as this laptop is now online and in use. Thanks!
I run an MSP and I've been shopping around for an endpoint antivirus. I recently tried WebRoot. I've installed the endpoint on two of our in-house machines. Both of the machines had BSOD errors shortly after. Does anyone have any experience with WebRoot and these problems? Obviously I'm not too keen on rolling this out to my customers.
I am new at using the Webroot endpoint security. I had a threat detected on one of my endpoints and I was alerted on the Webroot management console dashboard. I clicked on the 1 endpoint protect needs attention to view the threat. As usual, it gave me information on the threat and the endpoints affected by the threat. On the very right-hand side, there is a brush icon to clean up the threat. I clicked on it to manually clear the threat; all it did was run a scan on that endpoint, but it did not remove the threat. The threat is quarantined but it keeps alerting me on the dashboard saying 1 endpoint needs protection. I assumed that I had the ability to manually clear threats on endpoints, but I may be wrong. I had used other endpoint protection software in the past that gave me the ability to manually clear threats on endpoints. If I can get some enlightenment on how threats are cleared, whether it's automatic or manual, I will really appreciate the feedback and responses.
Beginning this morning, our SonicWall gateway antivirus has started blocking the endpoint upgrade to 184.108.40.206 - clearly a false positive signature in the SonicWall AV database. What are the IP address ranges for the Business Endpoint Protection service so that I can add them to my firewall exclude list?
We are starting to see a threat register on our WebRoot Endpoint Protection under Visual Studio that is registering in the malware group System.Monitor.Project.Neptune, which is a key logger. The file name is submain.ghostdoc.codeobjectmodel.dll. Anyone have any insight on whether this is a false positive or not?
Dealing with a line of issues with Webroot and Labtech[Automate:On-Prim]. Just discovering some computers are listed as non-GSM in the Webroot plugin. Why would this be the case? They definitely should be and are GSM. Has anyone had this issue, or resolved this issue and could share?
My ERP software is fairly limited when it comes to hostnames and DNS. I need to add a host to the 'host' file, but Webroot doesn't allow that edit from the command line. Is it possible to shut down Endpoint Security, make my edits and then restart via the CLI?
We want to demonstrate the need for Webroot to prospective customers who use traditional AV software. So I wrote a simple "ransomware" program that only affects a test folder. It is a compiled .exe program that: [list=1] [*]Reads files one at a time from a test folder (c:\users\public\videos\test) [*]Encrypts the file contents. [*]Writes the file to filename.txt.crypt. [*]Deletes the file.[/list]My expectation was that Webroot would see that a new .exe program was encrypting and deleting files and block it, but it did not. I have run the program from a Command Prompt window, from Windows Explorer and from a Desktop shortcut. I also ran this ransomware simulator on a VM protected by a dedicated anti-ransomware program, CryptoDrop, but it, too, allowed the deletions. As I am not an experienced white hat hacker, I am sure I am missing something. I am aware of KnowBe4's RanSim ransomware simulator, but by now it is well known to signature-based antivirus products. I'd like to be
We have found after some deployments of the newest version that a percentage of clients are having issues with files on Windows file shares. With some clients, Excel spreadsheets are showing as blank upon opening. In our case, every time Webroot is closed, the file share issues go away. We have an open case with Webroot. They have told us this issue was discovered and known (as of this time, it is still not posted on the forum's "Known Issues"), but we received conflicting reports; some techs knew the issue, but other people higher up at that point did not. This pointed to us for a real need for communication within Webroot, as it seems like the left hand may not know what the right hand is doing. At this time, I would actively discourage any MSP or large business client from updating past 220.127.116.11. In fact, my topic is also a request: I need the MSI file from 18.104.22.168 so we may roll back our clients, and more importantly, I nee
Hello! I have a question regarding the reports generated from all the sites and clients in the GSM. The dashboard shows that there are an x number of active clients, but this number deviates from the number of site workstations. Is there any report that shows this so I can take steps to fix this? Thanks in advance!
Hello, We have an infection currently spreading through our network. New endpoints are popping up on the SecureAnywhere console every few minutes as infected. Some are 'protected', others are 'need attention'. The infection is reported as W32.BitCoinMiner. The file list is shown below. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/34855iDC60DA29DD27CAC6.jpg[/img] I need to determine a. The point of entry - which computer introduced this and how. Was it via the web? local usb device? etc. b. How the infection is able to spread. So far it has affected two AD sites, spanning two IP subnets. It has not spread to any servers yet. Does anyone have any tips on how best to understand and investigate the two points above? Many thanks Michael.
I've installed Webroot on a MacBook using wsamacsme.dmg and key. The installer started, stopped when there was a security setting to do, then started to scan. After a short time the window closed and I have no icon in the Finder bar! I cannot enter the SecureAnywhere control panel. I've tried to uninstall and reinstall, but nothing. I've set it as not managed on GSM, but still no icon. Looking at the processes, I see it running. What more can I do?
Folks, I'm really interested to understand what apps you are running on users' Windows computers. This is for us to better align our test systems with what you have. Example: Windows 7 32bit with [list] [*]Office 365 [*]WSA [*]Chrome [*]Open VPN Client [*]RMM Agent[/list] Please post below with your replies. Many thanks Jonathan.giffard Senior Product Manager WSA Business
Creating Whitelist Overrides in the Endpoint console (Knowledge Base)
Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 (Message-Digest algorithm 5) level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually; instead, the whole associated directory can simply be whitelisted. [i][b]Note:[/b] If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.[/i] [b]To create a whitelist override:[/b] 1. Log in to your [url=https://my.webrootanywhere.com/default.aspx]Endpoint Protection console[/url]. The Endpoint Protection console displays, with the Status tab active. [img]https://docs.webroot.com/us/en/business/wsa
Hi guys, I have some noobish questions on deploying to endpoints using group policy in Active Directory. I know I can use the MSI file that is downloaded from my web console. I have downloaded it. I have also put that file in my group policy shared folder, and I can see how I deploy MSI files using GPO>Computer Configuration>Policies>Software Settings>Software installation. Now where to go from here? I understand that the MSI is interactive, and I want it to be silent and put in its own product key. It sounds like what this guy is talking about here, but I don't know where or how to put in those command line arguments... and where to go from here. [url=https://community.webroot.com/t5/Endpoint-Protection-and-GSM-KB/Using-MSI-for-Deployment/ta-p/326532]https://community.webroot.com/t5/Endpoint-Protection-and-GSM-KB/Using-MSI-for-Deployment/ta-p/326532[/url]
How to submit a ticket to Business Support (Knowledge Base)
[b]This solution addresses Webroot SecureAnywhere Business – Endpoint Protection [/b] To submit a support ticket for Webroot SecureAnywhere Business Endpoint Protection, [url=https://mysupport.webrootanywhere.com/supportwelcome.aspx?SOURCE=ENTERPRISEWSA]click here[/url]. If prompted, log into your account. If you prefer to speak with a support representative by phone, [url=https://www.webroot.com/us/en/business/support/contact]click here[/url] for a list of our telephone numbers.